Open eseb63 opened 2 weeks ago
What are these files supposed to be? They are blocked by MediaFire as dangerous ones.
Where is this user choice stored, and how can it be reverted for a given account?
This choice is stored in the extension storage provided by Thunderbird. To reset that you have to click "Clear storage of selected entries":
This token is temporary and different at each request, so why save it in the KeePass database? It seems to be useless as it can't be reused?
This token is used the next time to access the server and then renewed. So without saving it you would have to authenticate every time.
A request to oauth://login.microsoftonline.com is made (at least twice, sometimes three times)
This is to get and update the right token.
So, the question remains: shouldn't the "save new credential (with or without confirmation)" option ignore accounts with two-factor authentication?
This would only leave you with the option to store the token in the Thunderbird password manager...
I don't understand why the KeePassNatMsg key shown in KeePassXC-mail doesn't match the one shown in the KeePassNatMsg options in KeePass. Hexadecimal conversion?
I display the database hash which identifies the database. I think in KeePassNatMsg you see the key of the connection (I do not have that available at the moment... but in KeePassXC it's that way). I will display the first few characters of the key in the next version...
Why does KeePassXC-mail ask for such permissions (total access to Thunderbird and the computer)?
To be able to interact with the password management system of Thunderbird it needs to use a so-called experiment. I already opened this ticket to not have the need to request such high privileges. But as long as this is not implemented there is no other way.
I used Thunderbird for a long time in its version 68 with the keebird extension and a KeePass database.
Microsoft recently alerted that classic authentication modes (IMAP and POP) wouldn't be supported anymore, so I tested Thunderbird with KeePassXC-mail and KeePassNatMsg to manage OAuth authentication.
My configuration:
first test without any option
I have several Microsoft accounts and another for the Orange provider (I am French): for each, I configured POP and IMAP accounts in Thunderbird.
I first tested without checking any option checkbox in KeePassXC-mail (I kept the keebird entries in the KeePass database):
Where is this user choice stored, and how can it be reverted for a given account?
After that it worked again, but with a dialog prompt for all accounts.
I then tested the KeePassXC-mail options (my translation may be approximate):
"auto submit" option:
"save new credentials" option (classic authentication):
"save new credentials" option (two-factor authentication):
I investigated the OAuth protocol a bit and discovered that each access to the account begins with a token request to the OAuth server (oauth://login.microsoftonline.com for Microsoft);
this token is temporary and different at each request, so why save it in the KeePass database? It seems to be useless as it can't be reused?
I examined the behavior with the Thunderbird console: a request to oauth://login.microsoftonline.com is made (at least twice, sometimes three times), whether a relevant entry exists in the KeePass database or not.
The process is also quite invasive (and is repeated at least twice):
KeePassXC-mail dialog prompt to confirm to store the token
KeePassNatMsg dialog prompt to allow access (several times)
KeePass dialog prompt to allow the entry creation (or update)
"save new credentials without confirmation" option:
Contrary to what the name of the option indicates, the information does not seem to be saved.
So, the question remains: shouldn't the "save new credential (with or without confirmation)" option ignore accounts with two-factor authentication?
silent process settings
At this moment, my settings to have a silent process are: in KeePassXC-mail:
in KeePassNatMsg:
Last questions:
What exactly is the action of the "clear storage of the selected entries" button?
I don't understand why the KeePassNatMsg key shown in KeePassXC-mail doesn't match the one shown in the KeePassNatMsg options in KeePass. Hexadecimal conversion?
Why does KeePassXC-mail ask for such permissions (total access to Thunderbird and the computer)?
Thanks in advance for the reply.